* This test suite requires a snapshotable share named FSHARE (see #def below).
*/
#include "includes.h"
-#include "librpc/gen_ndr/security.h"
#include "lib/param/param.h"
#include "libcli/smb2/smb2.h"
#include "libcli/smb2/smb2_calls.h"
#include "libcli/smb_composite/smb_composite.h"
#include "libcli/resolve/resolve.h"
#include "libcli/util/hresult.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_descriptor.h"
#include "torture/torture.h"
#include "torture/smb2/proto.h"
#include "torture/rpc/torture_rpc.h"
-#include "librpc/gen_ndr/ndr_fsrvp.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
#include "librpc/gen_ndr/ndr_fsrvp_c.h"
#define FSHARE "fsrvp_share"
#define FNAME "testfss.dat"
-uint8_t fsrvp_magic[] = {0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71,
- 0x02, 0x40, 0x28, 0x00, 0x3c, 0x65, 0xe0, 0xa8,
- 0x44, 0x27, 0x89, 0x43, 0xa6, 0x1d, 0x73, 0x73,
- 0xdf, 0x8b, 0x22, 0x92, 0x01, 0x00, 0x00, 0x00,
- 0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49,
- 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36,
- 0x01, 0x00, 0x00, 0x00};
-
static bool test_fsrvp_is_path_supported(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
r.in.ShareName = talloc_asprintf(tctx,"\\\\%s\\%s\\",
dcerpc_server_name(p),
FSHARE);
- /* win8 beta sends this */
- memcpy(r.in.magic, fsrvp_magic, sizeof(fsrvp_magic));
- status = dcerpc_fss_IsPathSupported_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status,
- "IsPathSupported failed");
-
- ZERO_STRUCT(r);
- r.in.ShareName = talloc_asprintf(tctx,"\\\\%s\\%s\\",
- dcerpc_server_name(p),
- FSHARE);
- /* also works without magic */
status = dcerpc_fss_IsPathSupported_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"IsPathSupported failed");
NTSTATUS status;
ZERO_STRUCT(r);
- /* win8 beta sends this */
- memcpy(r.in.magic, fsrvp_magic, sizeof(fsrvp_magic));
status = dcerpc_fss_GetSupportedVersion_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
- "GetSupportedVersion failed with magic");
-
- ZERO_STRUCT(r);
- /* also works without magic */
- status = dcerpc_fss_GetSupportedVersion_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status,
- "GetSupportedVersion failed without magic");
+ "GetSupportedVersion failed");
torture_comment(tctx, "got MinVersion %u\n", *r.out.MinVersion);
torture_comment(tctx, "got MaxVersion %u\n", *r.out.MaxVersion);
return true;
}
+enum test_fsrvp_inject {
+ TEST_FSRVP_TOUT_NONE = 0,
+ TEST_FSRVP_TOUT_SET_CTX,
+ TEST_FSRVP_TOUT_START_SET,
+ TEST_FSRVP_TOUT_ADD_TO_SET,
+ TEST_FSRVP_TOUT_PREPARE,
+ TEST_FSRVP_TOUT_COMMIT,
+
+ TEST_FSRVP_STOP_B4_EXPOSE,
+};
+
static bool test_fsrvp_sc_create(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char *share,
+ enum test_fsrvp_inject inject,
struct fssagent_share_mapping_1 **sc_map)
{
struct fss_IsPathSupported r_pathsupport_get;
NTSTATUS status;
time_t start_time;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
- struct fssagent_share_mapping_1 *map;
+ struct fssagent_share_mapping_1 *map = NULL;
+ int sleep_time;
/*
* PrepareShadowCopySet & CommitShadowCopySet often exceed the default
*/
dcerpc_binding_handle_set_timeout(b, 240);
- ZERO_STRUCT(r_pathsupport_get); /* sending with zeroed magic */
+ ZERO_STRUCT(r_pathsupport_get);
r_pathsupport_get.in.ShareName = share;
status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
torture_assert_ntstatus_ok(tctx, status,
torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
"path not supported");
- ZERO_STRUCT(r_version_get); /* sending with zeroed magic */
+ ZERO_STRUCT(r_version_get);
status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
torture_assert_ntstatus_ok(tctx, status,
- "GetSupportedVersion failed without magic");
+ "GetSupportedVersion failed");
torture_assert_int_equal(tctx, r_version_get.out.result, 0,
"failed GetSupportedVersion response");
torture_assert_int_equal(tctx, r_context_set.out.result, 0,
"failed SetContext response");
+ if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
ZERO_STRUCT(r_scset_start);
r_scset_start.in.ClientShadowCopySetId = GUID_random();
status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
torture_assert_ntstatus_ok(tctx, status,
"StartShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+ /* expect error due to message sequence timeout after set_ctx */
+ torture_assert_int_equal(tctx, r_scset_start.out.result,
+ FSRVP_E_BAD_STATE,
+ "StartShadowCopySet timeout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_start.out.result, 0,
"failed StartShadowCopySet response");
torture_comment(tctx, "%s: shadow-copy set created\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId));
+ if (inject == TEST_FSRVP_TOUT_START_SET) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
ZERO_STRUCT(r_scset_add1);
r_scset_add1.in.ClientShadowCopyId = GUID_random();
r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1);
torture_assert_ntstatus_ok(tctx, status,
"AddToShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_START_SET) {
+ torture_assert_int_equal(tctx, r_scset_add1.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "AddToShadowCopySet timeout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_add1.out.result, 0,
"failed AddToShadowCopySet response");
torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n",
FSRVP_E_OBJECT_ALREADY_EXISTS,
"failed AddToShadowCopySet response");
+ if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 1800);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_prep);
r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep);
torture_assert_ntstatus_ok(tctx, status,
"PrepareShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+ torture_assert_int_equal(tctx, r_scset_prep.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "PrepareShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_prep.out.result, 0,
"failed PrepareShadowCopySet response");
torture_comment(tctx, "%s: prepare completed in %llu secs\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
+ if (inject == TEST_FSRVP_TOUT_PREPARE) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 1800);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_commit);
r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit);
torture_assert_ntstatus_ok(tctx, status,
"CommitShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_PREPARE) {
+ torture_assert_int_equal(tctx, r_scset_commit.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "CommitShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_commit.out.result, 0,
"failed CommitShadowCopySet response");
torture_comment(tctx, "%s: commit completed in %llu secs\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
+ if (inject == TEST_FSRVP_TOUT_COMMIT) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
+ /* return partial snapshot information */
+ map = talloc_zero(tctx, struct fssagent_share_mapping_1);
+ map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+ map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
+ goto done;
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_expose);
r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose);
torture_assert_ntstatus_ok(tctx, status,
"ExposeShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_COMMIT) {
+ torture_assert_int_equal(tctx, r_scset_expose.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "ExposeShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
"failed ExposeShadowCopySet response");
torture_comment(tctx, "%s: expose completed in %llu secs\n",
&map->ShadowCopyId),
"sc GUID missmatch in GetShareMapping");
+done:
talloc_free(tmp_ctx);
*sc_map = map;
char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
dcerpc_server_name(p), FSHARE);
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
NTSTATUS status;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
- ZERO_STRUCT(r_pathsupport_get); /* sending with zeroed magic */
+ ZERO_STRUCT(r_pathsupport_get);
r_pathsupport_get.in.ShareName = share_unc;
status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
torture_assert_ntstatus_ok(tctx, status,
torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
"path not supported");
- ZERO_STRUCT(r_version_get); /* sending with zeroed magic */
+ ZERO_STRUCT(r_version_get);
status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
torture_assert_ntstatus_ok(tctx, status,
- "GetSupportedVersion failed without magic");
+ "GetSupportedVersion failed");
ZERO_STRUCT(r_context_set);
r_context_set.in.Context = FSRVP_CTX_BACKUP;
char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
dcerpc_server_name(p), FSHARE);
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
ZERO_STRUCT(r_sharemap_del);
torture_assert_ntstatus_ok(tctx, status, "src write");
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
status = smb2_util_write(tree_base, base_fh, "post-snap", 0,
"count");
torture_assert_int_equal(tctx, count, 0, "num snaps");
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
talloc_free(sc_map);
torture_assert_int_equal(tctx, count, 1, "num snaps");
smb_msleep(1100); /* @GMT tokens have a 1 second resolution */
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
talloc_free(sc_map);
return true;
}
+static bool test_fsrvp_seq_timeout(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ int i;
+ struct fssagent_share_mapping_1 *sc_map;
+ char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+ dcerpc_server_name(p), FSHARE);
+
+ for (i = TEST_FSRVP_TOUT_NONE; i <= TEST_FSRVP_TOUT_COMMIT; i++) {
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
+ i, &sc_map),
+ "sc create");
+
+ /* only need to delete if create process didn't timeout */
+ if (i == TEST_FSRVP_TOUT_NONE) {
+ torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map),
+ "sc del");
+ }
+ }
+
+ return true;
+}
+
+static bool test_fsrvp_share_sd(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *srvsvc_p;
+ struct srvsvc_NetShareGetInfo q;
+ struct srvsvc_NetShareSetInfo s;
+ struct srvsvc_NetShareInfo502 *info502;
+ struct fssagent_share_mapping_1 *sc_map;
+ struct fss_ExposeShadowCopySet r_scset_expose;
+ struct fss_GetShareMapping r_sharemap_get;
+ struct security_descriptor *sd_old;
+ struct security_descriptor *sd_base;
+ struct security_descriptor *sd_snap;
+ struct security_ace *ace;
+ int i;
+ int aces_found;
+ char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+ dcerpc_server_name(p), FSHARE);
+ ZERO_STRUCT(q);
+ q.in.server_unc = dcerpc_server_name(p);
+ q.in.share_name = FSHARE;
+ q.in.level = 502;
+
+ status = torture_rpc_connection(tctx, &srvsvc_p, &ndr_table_srvsvc);
+ torture_assert_ntstatus_ok(tctx, status, "srvsvc rpc conn failed");
+
+ /* ensure srvsvc out pointers are allocated during unmarshalling */
+ srvsvc_p->conn->flags |= DCERPC_NDR_REF_ALLOC;
+
+ /* obtain the existing DACL for the base share */
+ status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+ tctx, &q);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+ torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+
+ info502 = q.out.info->info502;
+
+ /* back up the existing share SD, so it can be restored on completion */
+ sd_old = info502->sd_buf.sd;
+ sd_base = security_descriptor_copy(tctx, info502->sd_buf.sd);
+ torture_assert(tctx, sd_base != NULL, "sd dup");
+ torture_assert(tctx, sd_base->dacl != NULL, "no existing share DACL");
+
+ /* the Builtin_X_Operators placeholder ACEs need to be unique */
+ for (i = 0; i < sd_base->dacl->num_aces; i++) {
+ ace = &sd_base->dacl->aces[i];
+ if (dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Backup_Operators)
+ || dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Print_Operators)) {
+ torture_skip(tctx, "placeholder ACE already exists\n");
+ }
+ }
+
+ /* add Backup_Operators placeholder ACE and set base share DACL */
+ ace = talloc_zero(tctx, struct security_ace);
+ ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace->access_mask = SEC_STD_SYNCHRONIZE;
+ ace->trustee = global_sid_Builtin_Backup_Operators;
+
+ status = security_descriptor_dacl_add(sd_base, ace);
+ torture_assert_ntstatus_ok(tctx, status,
+ "failed to add placeholder ACE to DACL");
+
+ info502->sd_buf.sd = sd_base;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+ ZERO_STRUCT(s);
+ s.in.server_unc = dcerpc_server_name(p);
+ s.in.share_name = FSHARE;
+ s.in.level = 502;
+ s.in.info = q.out.info;
+
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* create a snapshot, but don't expose yet */
+ torture_assert(tctx,
+ test_fsrvp_sc_create(tctx, p, share_unc,
+ TEST_FSRVP_STOP_B4_EXPOSE, &sc_map),
+ "sc create");
+
+ /*
+ * Add another unique placeholder ACE.
+ * By changing the share DACL between snapshot creation and exposure we
+ * can determine at which point the server clones the base share DACL.
+ */
+ ace = talloc_zero(tctx, struct security_ace);
+ ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace->access_mask = SEC_STD_SYNCHRONIZE;
+ ace->trustee = global_sid_Builtin_Print_Operators;
+
+ status = security_descriptor_dacl_add(sd_base, ace);
+ torture_assert_ntstatus_ok(tctx, status,
+ "failed to add placeholder ACE to DACL");
+
+ info502->sd_buf.sd = sd_base;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+ ZERO_STRUCT(s);
+ s.in.server_unc = dcerpc_server_name(p);
+ s.in.share_name = FSHARE;
+ s.in.level = 502;
+ s.in.info = q.out.info;
+
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* expose the snapshot share and get the new share details */
+ ZERO_STRUCT(r_scset_expose);
+ r_scset_expose.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+ r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */
+ status = dcerpc_fss_ExposeShadowCopySet_r(p->binding_handle, tctx,
+ &r_scset_expose);
+ torture_assert_ntstatus_ok(tctx, status,
+ "ExposeShadowCopySet failed");
+ torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
+ "failed ExposeShadowCopySet response");
+
+ ZERO_STRUCT(r_sharemap_get);
+ r_sharemap_get.in.ShadowCopyId = sc_map->ShadowCopyId;
+ r_sharemap_get.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+ r_sharemap_get.in.ShareName = share_unc;
+ r_sharemap_get.in.Level = 1;
+ status = dcerpc_fss_GetShareMapping_r(p->binding_handle, tctx,
+ &r_sharemap_get);
+ torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
+ torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
+ "failed GetShareMapping response");
+ talloc_free(sc_map);
+ sc_map = r_sharemap_get.out.ShareMapping->ShareMapping1;
+
+ /* restore the original base share ACL */
+ info502->sd_buf.sd = sd_old;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_old, 0);
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* check for placeholder ACEs in the snapshot share DACL */
+ ZERO_STRUCT(q);
+ q.in.server_unc = dcerpc_server_name(p);
+ q.in.share_name = sc_map->ShadowCopyShareName;
+ q.in.level = 502;
+ status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+ tctx, &q);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+ torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+ info502 = q.out.info->info502;
+
+ sd_snap = info502->sd_buf.sd;
+ torture_assert(tctx, sd_snap != NULL, "sd");
+ torture_assert(tctx, sd_snap->dacl != NULL, "no snap share DACL");
+
+ aces_found = 0;
+ for (i = 0; i < sd_snap->dacl->num_aces; i++) {
+ ace = &sd_snap->dacl->aces[i];
+ if (dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Backup_Operators)) {
+ torture_comment(tctx,
+ "found share ACE added before snapshot\n");
+ aces_found++;
+ } else if (dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Print_Operators)) {
+ torture_comment(tctx,
+ "found share ACE added after snapshot\n");
+ aces_found++;
+ }
+ }
+ /*
+ * Expect snapshot share to match the base share DACL at the time of
+ * exposure, not at the time of snapshot creation. This is in line with
+ * Windows Server 2012 behaviour.
+ */
+ torture_assert_int_equal(tctx, aces_found, 2,
+ "placeholder ACE missing from snap share DACL");
+
+ torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
+
+ return true;
+}
+
static bool fsrvp_rpc_setup(struct torture_context *tctx, void **data)
{
NTSTATUS status;
/* override torture_rpc_setup() to set DCERPC_NDR_REF_ALLOC */
tcase->tcase.setup = fsrvp_rpc_setup;
+ torture_rpc_tcase_add_test(tcase, "share_sd",
+ test_fsrvp_share_sd);
+ torture_rpc_tcase_add_test(tcase, "seq_timeout",
+ test_fsrvp_seq_timeout);
torture_rpc_tcase_add_test(tcase, "enum_created",
test_fsrvp_enum_created);
torture_rpc_tcase_add_test(tcase, "sc_share_io",
git.samba.org / samba.git / blobdiff